Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
sourcegraph.com/sourcegraph/apptrace
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin.
Appdash allows you to trace the end-to-end handling of requests and operations in your application (for perf and debugging). It displays timings and application-specific metadata for each step, and it displays a tree and timeline for each request and its children.
To use appdash, you must instrument your application with calls to an appdash recorder. You can record any type of event or operation. Recorders and schemas for HTTP (client and server) and SQL are provided, and you can write your own.
To install appdash, run:
go get -u sourcegraph.com/sourcegraph/appdash/cmd/...
A standalone example using Negroni and Gorilla packages is available in the examples/cmd/webapp
folder.
A demo / pure net/http
application (which is slightly more verbose) is also available at cmd/appdash/example_app.go
, and it can be ran easily using appdash demo
on the command line.
Questions or comments? Join us on #sourcegraph in the Gophers slack!
Appdash uses vfsgen to package HTML templates with the appdash binary for
distribution. This means that if you want to modify the template data in traceapp/tmpl
you can first build using the dev
build tag, which makes the template data be reloaded from disk live.
After you're finished making changes to the templates, always run go generate sourcegraph.com/sourcegraph/appdash/traceapp/tmpl
so that the data_vfsdata.go
file is updated for normal Appdash users that aren't interested in modifying the template data.
Appdash follows the design and naming conventions of Google's Dapper. You should read that paper if you are curious about why certain architectural choices were made.
There are 4 main components/concepts in appdash:
Appdash has clients available for Go, Python (see python/
subdir) and Ruby (see https://github.com/bsm/appdash-rb).
Appdash supports the OpenTracing API. Please see the
opentracing
subdir for the Go implementation, or see the GoDoc
for API documentation.
appdash was influenced by, and uses code from, Coda Hale's lunk.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.